lsposed / androidhiddenapibypass Goto Github PK

LSPass: Bypass restrictions on non-SDK interfaces

License: Apache License 2.0

Java 100.00%

androidhiddenapibypass's Introduction

LSPosed Framework

Introduction

A Riru / Zygisk module trying to provide an ART hooking framework which delivers consistent APIs with the OG Xposed, leveraging LSPlant hooking framework.

Xposed is a framework for modules that can change the behavior of the system and apps without touching any APKs. That's great because it means that modules can work for different versions and even ROMs without any changes (as long as the original code was not changed too much). It's also easy to undo. As all changes are done in the memory, you just need to deactivate the module and reboot to get your original system back. There are many other advantages, but here is just one more: multiple modules can do changes to the same part of the system or app. With modified APKs, you have to choose one. No way to combine them, unless the author builds multiple APKs with different combinations.

Supported Versions

Android 8.1 ~ 14

Install

Install Magisk v24+
(For Riru flavor) Install Riru v26.1.7+
Download and install LSPosed in Magisk app
Reboot
Open LSPosed manager from notification
Have fun :)

Download

For stable releases, please go to Github Releases page
For canary build, please check Github Actions

Note: debug builds are only available in Github Actions.

Get Help

Only bug reports from THE LATEST DEBUG BUILD will be accepted.

GitHub issues: Issues
(For Chinese speakers) 本项目只接受英语标题的issue。如果您不懂英语，请使用翻译工具

For Developers

Developers are welcome to write Xposed modules with hooks based on LSPosed Framework. A module based on LSPosed framework is fully compatible with the original Xposed Framework, and vice versa, a Xposed Framework-based module will work well with LSPosed framework too.

Xposed Framework API

We use our own module repository. We welcome developers to submit modules to our repository, and then modules can be downloaded in LSPosed.

LSPosed Module Repository

Community Discussion

Telegram: @LSPosed

Notice: These community groups don't accept any bug report, please use Get help to report.

Translation Contributing

You can contribute translation here.

Credits

Magisk: makes all these possible
Riru: provides a way to inject code into zygote process
XposedBridge: the OG Xposed framework APIs
Dobby: used for inline hooking
LSPlant: the core ART hooking framework
EdXposed: fork source
~~SandHook: ART hooking framework for SandHook variant~~
~~YAHFA: previous ART hooking framework~~
~~dexmaker and dalvikdx: to dynamically generate YAHFA hooker classes~~
~~DexBuilder: to dynamically generate YAHFA hooker classes~~

License

LSPosed is licensed under the GNU General Public License v3 (GPL-3) (http://www.gnu.org/copyleft/gpl.html).

androidhiddenapibypass's People

Contributors

Stargazers

Watchers

Forkers

witchfindertr bedrankara gavz neevarpk crackercat andreabellitto softtanck skymarshall1l1l spysoos eagle518 zul7777 pterx kingking888 shuixi2013 shanyifeng lmhmike yangjinhe loulei netstu beginnersun voyagerjz jiangtao89 forbe lerist xuuhaoo xuwab xiaosenlin o2e zeirew iammegatron1776 softwareverde bundie1990 lzx225 backup-gits ckandroidproject soufff23 arryboom aer874475222 icodein hixio-mh bozaixing magicjva ognz congenital fengjixuchui marvinrr12 nick-botticelli gitlqr 2y2s1mple qiaijueqing heyoukang hsxutao demongit01 vishnusdharan devreaux samsquanch01 kevinroy-lo anonymma hxrper nimaarek aa41 marsxingzhi zktzktzkt wudelin nanixiaoseng syshare zjloong hxzg dreammaker0 lingyun1120 mobwu zubao hanbingwuxie ray-tianfeng zhn2174 androidstudioist ununtee skywalkerex sudami czzzzzzz wangyangzi yujincheng08 hpdx rebeldesigns-net samsprung xxoo2995 kiyan8293 gsyx666 a158684 xueyeshengdan jhanay moosphan jackyzhougithub mohamedabdullahmpt selectsex tomo06209 jgoodacre93 juiceyy surfndez wenbook123

androidhiddenapibypass's Issues

部分类型API需要增强

系统api 约束分为：

@hide
@UnsupportedAppUsage
@Systemapi
@testAPI

如你示例中，使用ApplicationInfo 中代码进行测试，测试代码如下:

    /**
     * @hide
     */
    public @HiddenApiEnforcementPolicy int getHiddenApiEnforcementPolicy() {}

    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
    private boolean isPackageUnavailable(PackageManager pm) {}

   @SystemApi
    public boolean isEncryptionAware() {}
   /** @hide */
    @TestApi
    public boolean isSystemApp() {}

测试结果如下：

 java.lang.NoSuchMethodException: android.content.pm.ApplicationInfo.isPackageUnavailable [class android.content.pm.PackageManager]

结果：
@UnsupportedAppUsage类型兼容需要增强

Shahzad

Add a getDeclaredMethod() function

Would you add the following API?
Method getDeclaredMethod(String name, Class...<?> parameterTypes)

The reasons are:

we can cache the founded Method in our own class so it does not have to look up methods for each invoke() call
easier for developers to find the polymorphism function

Public the checkArgsForInvokeMethod() function is also an acceptable workaround.

Use HiddenApiBypass.invoke() or Method.invoke()?

I noticed that version 3.0 adds a HiddenApiBypass.invoke() function.
Is the HiddenApiBypass.invoke() just a helper function, or do we have to change to use this function instead of the traditional Method.invoke() function?

What about the Field.get()?
I don't see a HiddenApiBypass.get() function provided.

adb shell sh /storage/emulated/0/Android/data/moe.shizuku.privileged.api/start.sh

Hhvhiijfffg

JDK 11 build failed.

H

Bypass

调用@RequiresPermission的方法报错

调用方法报错，提示Caused by: java.lang.SecurityException: You need MANAGE_USERS or GET_ACCOUNTS_PRIVILEGED permissions to: get user name，请问此类方法如何绕过检查系统权限。

private void getUserNameByPass() throws ClassNotFoundException, InvocationTargetException, NoSuchMethodException, IllegalAccessException {
if (android.os.Build.VERSION.SDK_INT > 27) {
// Object obj = org.lsposed.hiddenapibypass.HiddenApiBypass.invoke(Class.forName("dalvik.system.VMDebug"), null, "getInstancesOfClasses", new Class[]{MainActivity.class}, true);
Class<?> cls = UserManager.class;
Object objRet = HiddenApiBypass.invoke(cls, mUserManager, "getUserName"/, args/);
Log.d(TAG, "ret = " + objRet);
if (objRet instanceof String) {
String userName = (String) objRet;
Log.d(TAG, "userName = " + userName);
}
}
}

你看看你的标题，再看看报错信息

          你看看你的标题，再看看报错信息

Originally posted by @vvb2060 in #45 (comment)

高版本系统（Android 14，一加手机）android.net.ConnectivityManager.sCallbacks属性值无法获取

class dalvik.system.VMRuntime has 1880511944 methods

Works pretty decent on my demo,but crashed when moving to my project. Log shows : class dalvik.system.VMRuntime has 1880511944 methods.

Occasionally crashed on huawei HONOR-REA-AN00

Occasionally crashed on huawei HONOR-REA-AN00  :

Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: 'Scudo ERROR: invalid chunk state when deallocating address 0x200007c0d795040 '
x0 0000000000000000 x1 00000000000048ef x2 0000000000000006 x3 0000007b5b096180
x4 0000000000808080 x5 0000000000808080 x6 0000000000808080 x7 8080808080808080
x8 00000000000000f0 x9 0000007e97258398 x10 0000000000000001 x11 0000007e972985b8
x12 0101010101010101 x13 000000007fffffff x14 000000000101545c x15 0000000000000030
x16 0000007e972fcf88 x17 0000007e972da450 x18 0000007b3d67e000 x19 00000000000040e2
x20 00000000000048ef x21 00000000ffffffff x22 0000000000000000 x23 0000000000000060
x24 0000000000000000 x25 0000000000000000 x26 0000000000000004 x27 0000000000000001
x28 0000007b5b098000 x29 0000007b5b096200
sp 0000007b5b096160 lr 0000007e9728a044 pc 0000007e9728a070

caused by:
SIGABRT(-1) Abort

backtrace:
#00 pc 0000000000054070 /apex/com.android.runtime/lib64/bionic/libc.so (abort+164)
#01 pc 00000000000429c4 /apex/com.android.runtime/lib64/bionic/libc.so (_ZN5scudo3dieEv+8)
#02 pc 0000000000043070 /apex/com.android.runtime/lib64/bionic/libc.so (_ZN5scudo17ScopedErrorReportD2Ev+32)
#03 pc 00000000000433d0 /apex/com.android.runtime/lib64/bionic/libc.so (_ZN5scudo23reportInvalidChunkStateENS_15AllocatorActionEPv+116)
#04 pc 0000000000044bf0 /apex/com.android.runtime/lib64/bionic/libc.so (_ZN5scudo9AllocatorINS_13AndroidConfigEXadL_Z21scudo_malloc_postinitEEE10deallocateEPvNS_5Chunk6OriginEmm+308)
#05 pc 00000000002def1c /apex/com.android.art/lib64/libart.so (_ZNSt3__16vectorINS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEENS4_IS6_EEE6assignIPS6_EENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIS6_NS_15iterator_traitsISC_E9referenceEEE5valueEvE4typeESC_SC_+304)
#06 pc 00000000005714d8 /apex/com.android.art/lib64/libart.so (_ZN3artL32VMRuntime_setHiddenApiExemptionsEP7_JNIEnvP7_jclassP13_jobjectArray+404)
#07 pc 000000000000fe60 /system/framework/arm64/boot-core-libart.oat (art_jni_trampoline+128)

miui 12.5 21.6.2 开发版 andoird11 上还是不行呐

如题，miui新版上还是不行呐。

Not Support Android S?

Cannot run on Android S.

trouble with oneplus device

shizuku wouldnt start on my oneplus nord. eventually found out that you have to toggle the 'disable permission monitoring' option in Developer settings for oneplus devices. it would be nice if you could note that along with the other device specific notes on the setup guide.

Google is forbidding this way ？

The code from art/runtime/java_lang_Class.cc

`
// Check classes in the java.lang.invoke package. At the time of writing, the
// classes of interest are MethodHandles and MethodHandles.Lookup, but this
// is subject to change so conservatively cover the entire package.
// NB Static initializers within java.lang.invoke are permitted and do not
// need further stack inspection.
ObjPtrmirror::Class lookup_class = GetClassRootmirror::MethodHandlesLookup();
if ((declaring_class == lookup_class || declaring_class->IsInSamePackage(lookup_class))
&& !m->IsClassInitializer()) {
return true;
}

why use "var" to define variable

isn't it a Java library?

android invoke hide api have InvocationTargetException in Android 12

my code:

HiddenApiBypass.addHiddenApiExemptions("");
Class<?> c = Class.forName("dalvik.system.VMDebug");
if(android.os.Build.VERSION.SDK_INT>=28) {
                getInstancesOfClassesMethod = c.getDeclaredMethod("getInstancesOfClasses",
                        Class[].class, Boolean.TYPE);
}
//            return (Object[][]) HiddenApiBypass.invoke(
//                    Class.forName("dalvik.system.VMDebug"),
//                    null,"getInstancesOfClasses",
//                    new Object[]{classes, assignable}
//                    );
            return (Object[][]) getInstancesOfClassesMethod.invoke(
                    null,
                    new Object[]{classes, assignable});

This code can run successfully on Android 11, but InvocationTargetException exception on the 12 version 。

Maybe need to replace the license to GPL v2 with Classpath Exception

这个文件应该是 OpenJDK 的一部分，

AOSP 里面也有类似关于 Unsafe 的 stub，他们在使用的时候都保留了原 Notice ，例如这个：
Unsafe.java

鉴于 GPL 的传染性，也许整个这个项目应该都换成 GPL v2 with Classpath Exception 许可证

Not working in android level 12

hello.
I using HokoBlurDrawable and Using method callDrawGLFunction2 in class android.graphics.RecordingCanvas.
i try to use this in api 30 to the top.

机型无法获取obtainTempTypedValue方法，返回NUll

系统：HUAWEI Mate 9（API 28）
机型：MHA-AL00
在这个机型上无法反射调用Resource里面的obtainTempTypedValue

请教一个问题！帮忙解答一下谢谢！

这里numMethods为什么是方法数量？methods 能理解是Class类中的方法数组的偏移地址，但是为什么 int numMethods = unsafe.getInt(methods); 就成了数量了？

Failed to resolve: org.lsposed.hiddenapibypass:hiddenapibypass:4.3

已配置过repositories，其它包也可以正常导入

Failed to resolve: com.github.LSPosed:AndroidHiddenApiBypass:v4.3
Show in Project Structure dialog
Show Details
Affected Modules: app

Ask Gemini